sensu.sensu_go.user – Manage Sensu users

Note

This plugin is part of the sensu.sensu_go collection (version 1.12.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sensu.sensu_go.

To use it in a playbook, specify: sensu.sensu_go.user.

New in version 1.0.0: of sensu.sensu_go

Synopsis
Requirements
Parameters
See Also
Examples
Return Values

Synopsis

Create, update, activate or deactivate Sensu user.
For more information, refer to the Sensu documentation at https://docs.sensu.io/sensu-go/latest/reference/rbac/#users.

Requirements

The below requirements are needed on the host that executes this module.

bcrypt (when managing Sensu Go 5.21.0 or newer)
python >= 2.7

Parameters

Parameter		Choices/Defaults	Comments
auth dictionary			Authentication parameters. Can define each of them with ENV as well.
	api_key string added in 1.3.0 of sensu.sensu_go		The API key that should be used when authenticating. If this is not set, the value of the SENSU_API_KEY environment variable will be checked. This replaces auth.user and auth.password parameters. For more information about the API key, refer to the official Sensu documentation at https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/.
	ca_path path added in 1.5.0 of sensu.sensu_go		Path to the CA bundle that should be used to validate the backend certificate. If this parameter is not set, module will use the CA bundle that python is using. It is also possible to set this parameter via the SENSU_CA_PATH environment variable.
	password string	Default: "P@ssw0rd!"	The Sensu user's password. If this is not set the value of the SENSU_PASSWORD environment variable will be checked. This parameter is ignored if the auth.api_key parameter is set.
	url string	Default: "http://localhost:8080"	Location of the Sensu backend API. If this is not set the value of the SENSU_URL environment variable will be checked.
	user string	Default: "admin"	The username to use for connecting to the Sensu API. If this is not set the value of the SENSU_USER environment variable will be checked. This parameter is ignored if the auth.api_key parameter is set.
	verify boolean added in 1.5.0 of sensu.sensu_go	Choices: no yes ←	Flag that controls the certificate validation. If you are using self-signed certificates, you can set this parameter to `false`. ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! In you use self-signed certificates in production, see the auth.ca_path parameter. It is also possible to set this parameter via the SENSU_VERIFY environment variable.
groups list / elements=string			List of groups user belongs to.
name string / required			The Sensu resource's name. This name (in combination with the namespace where applicable) uniquely identifies the resource that Ansible operates on. If the resource with selected name already exists, Ansible module will update it to match the specification in the task. Consult the name metadata attribute specification in the upstream docs on https://docs.sensu.io/sensu-go/latest/reference/ for more details about valid names and other restrictions.
password string			Password for the user. Required if user with a desired name does not exist yet on the backend and password_hash is not set. If both password and password_hash are set, password_hash is ignored and calculated from the password if required.
password_hash string added in 1.8.0 of sensu.sensu_go			Bcrypt password hash for the user. Use `sensuctl user hash-password PASSWORD` to generate a hash. Required if user with a desired name does not exist yet on the backend and password is not set. If both password and password_hash are set, password_hash is ignored and calculated from the password if required. Sensu Go < 5.21.0 does not support creating/updating users using hashed passwords. Use password parameter if you need to manage such Sensu Go installations. At the moment, change detection does not work properly when using password hashes because the Sensu Go backend does not expose enough information via its API.
state string		Choices: enabled ← disabled	Desired state of the user. Users cannot actually be deleted, only deactivated.

Examples

- name: Create a user
  sensu.sensu_go.user:
    auth:
      url: http://localhost:8080
    name: awesome_username
    password: hidden_password?
    groups:
      - dev
      - prod

- name: Use pre-hashed password
  sensu.sensu_go.user:
    auth:
      url: http://localhost:8080
    name: awesome_username
    password_hash: $5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm

- name: Deactivate a user
  sensu.sensu_go.user:
    name: awesome_username
    state: disabled

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
object dictionary	success	Object representing Sensu user. Sample: {'disabled': False, 'groups': ['ops', 'dev'], 'password': 'USER_PASSWORD', 'password_hash': '$5f$14$.brXRviMZpbaleSq9kjoUuwm67V/s4IziOLGHjEqxJbzPsreQAyNm', 'username': 'alice'}

Authors

Paul Arthur (@flowerysong)
Aljaz Kosir (@aljazkosir)
Tadej Borovsak (@tadeboro)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/sensu/sensu_go/user_module.html